1 Introduction to Oracle IRM Server Administration

1.1 Introduction to Oracle IRM

Oracle IRM distributes rights management between centralized servers and desktop agents. Authors continue to create documents and emails in their existing document and email applications.

Oracle IRM enables documents or emails to be automatically or manually sealed at any stage in their lifecycle, using sealing tools integrated into the Windows desktop, authoring applications, email clients, and content management and collaborative repositories. Sealing wraps documents and emails within a layer of strong encryption and digital signatures, together with indelible links back to network-hosted servers (operated by the organization to which the information belongs) that store the decryption keys and associated access rights.

Sealed documents and emails can be distributed by any existing means, such as email, web, file share, etc.

Access to sealed documents or emails is governed by rights, such as the right to open a document, the right to print it, and the right to copy information from it and paste it into another document. The rights are defined and assigned centrally by administrators, who group combinations of rights and end user identities into one or more "contexts". Authors control access to their documents by selecting the most appropriate predefined context at the time they seal it. The result is that authors do not make complex rights management decisions when they seal a new document.

Rights are stored on a server, separately from sealed documents and emails, enabling them to be assigned, updated or unassigned at any time. Access to and use of a particular sealed document can change throughout its life.

To create and use sealed documents and emails within their existing desktop applications, end users must download and install a single, small, universal agent called Oracle IRM Desktop. Oracle IRM Desktop authenticates users, transparently requesting rights from the server (Oracle IRM Server), and protecting and tracking sealed documents and emails while in use within native desktop applications.

User rights and audit records are automatically synchronized between Oracle IRM Desktop and Oracle IRM Server, ensuring completely transparent offline working without sacrificing revocability or requiring end users to remember to synchronize.

Oracle IRM Desktop and Oracle IRM Server together audit all attempted and actual end user access to sealed documents or emails. The Oracle IRM Server Management Console provides audit reporting. Audit records are stored in the Oracle IRM Server database.

1.2 Access to User Details

The rights to use documents sealed by Oracle IRM are assigned on a user or group basis. These users and groups are not set up or maintained within Oracle IRM Server. Instead, connections are made to external directories containing the details of users and groups. The external directories are referenced during the post-installation procedures associated with Oracle IRM Server.

1.3 Oracle IRM Server Administration Tools

Oracle offers the following tools for managing Oracle IRM:

  • Oracle IRM Server Management Console

  • Oracle Enterprise Manager Fusion Middleware Control Console

  • Oracle WebLogic Scripting Tool (WLST)

Administrators should use these tools, rather than edit configuration files, to perform administrative tasks, unless a specific procedure requires you to edit a file. Editing a file may cause the settings to be inconsistent and generate problems.

1.3.1 Oracle IRM Server Management Console ("The Management Console")

The Management Console is a browser-based application used by the several types of Oracle IRM Server administrator to control access to protected content.

Use the Management Console to:

  • Create Oracle IRM administrators: domain administrators, domain managers, inspectors, and context managers. (Note, however, that it is the first user to log in to the Control Console who is made a domain administrator.)

  • Create roles.

  • Create and modify context templates.

  • Create, modify, and delete contexts, exclude specific documents from a context, and associate a context with trusted contexts.

  • Create and modify rights.

  • Generate reports.

  • Copy, rename, and change descriptions within Oracle IRM Server.

  • Add, change, and delete names and descriptions in multiple supported languages.

1.3.2 Oracle Enterprise Manager Fusion Middleware Control Console ("The Control Console")

Note:

The first user to log in to the Control Console is made an Oracle IRM domain administrator.

The Control Console is a browser-based application that is deployed when you install Oracle IRM Server as part of the Oracle Enterprise Manager Fusion Middleware suite.

Use the Control Console for these Oracle IRM tasks:

  • Set the cryptography algorithms and strengths to use for sealed content.

  • Set the URL of the server that sealed content must contact.

  • Set the URL of a privacy statement that users must accept before viewing sealed content.

  • Set a restriction on the number of devices that a sealed document can be used on simultaneously by one user.

  • Set how frequently Oracle IRM Desktop will attempt to contact Oracle IRM Server to synchronize rights.

  • Set options for the age of retained report records and the frequency of their deletion.

  • Set options for context refresh periods that are available when creating or editing roles.

  • Set up test content that will be accessible when users successfully connect to Oracle IRM Server.

  • Set up multiple languages support for the names and descriptions of Oracle IRM contexts, roles, etc.

  • Set up multiple downloads of the Oracle IRM Desktop installation software to cover different combinations of language, product version, and locale.

  • Set up license record purges, status page redirection, and key store configuration.

Displaying the Control Console

For information about starting Oracle Enterprise Manager Fusion Middleware Control and displaying the Control Console, see Section 9, "Using Enterprise Manager Fusion Middleware Control Console for Oracle IRM".

1.3.3 Oracle WebLogic Scripting Tool (WLST)

Oracle provides the WebLogic Scripting Tool (WLST) to manage Oracle Fusion Middleware components, such as Oracle IRM Server, from the command line.

WLST is a complete, command-line scripting environment for managing Oracle WebLogic Server domains, based on the Java scripting interpreter, Jython. In addition to supporting standard Jython features such as local variables, conditional variables, and flow control statements, WLST provides a set of scripting functions (commands) that are specific to Oracle WebLogic Server. You can extend the WebLogic scripting language to suit your needs by following the Jython language syntax.

Oracle WebCenter offers WLST commands for:

Running Oracle WebLogic Scripting Tool (WLST) Commands

To run WLST from the command line:

  1. Navigate to the directory <home>/common/bin.

  2. From the command line, enter the command:

    wlst.sh

    For example:

    <home>/common/bin/wlst.sh

  3. At the WLST command prompt, enter the following command to connect to the Administration Server for Oracle IRM:

    wls:/offline>connect('<user_name>','<password>', '<host_name>:<port_number>')

    where

    • <user_name> is the username of the operator who is connecting to the Administration Server

    • <password> is the password of the operator who is connecting to the Administration Server

    • <host_name> is the host name of the Administration Server

    • <port_number> is the port number of the Administration Server

    For example:

    connect('weblogic','welcome1', 'myhost.example.com:7001')

    For help for this command, type help('connect') at the WLST command prompt.

    Note:

    If SSL is enabled, you must edit the wlst.sh file and append the following to JVM_ARGS:

    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.TrustKeyStore=KeyStoreName

    or set them with setenv CONFIG_JVM_ARGS:

    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.TrustKeyStore=KeyStoreName

    where KeyStoreName is the name of the keystore in use (DemoTrust for the built-in demonstration certificate).

  4. Once connected to the Administration Server you can run any Oracle IRM or generic WLST command.

    For a complete list, see Oracle IRM Custom WLST Commands in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
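
A check for the SSL note in step 3, as an added example that is not part of Oracle's documentation: it reads wlst.sh content or a CONFIG_JVM_ARGS value and reports when hostname verification is disabled or the DemoTrust keystore is in use. The function names and the report format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Oracle code): audit the SSL-related JVM arguments that
# the note in step 3 says to put in wlst.sh or CONFIG_JVM_ARGS.

# audit_wlst_ssl_args ARG...
# Prints one finding per line; returns 0 if nothing was flagged, 1 otherwise.
audit_wlst_ssl_args() {
    findings=0
    truststore=""
    for arg in "$@"; do
        case "$arg" in
            -Dweblogic.security.SSL.ignoreHostnameVerification=[Tt][Rr][Uu][Ee])
                echo "WARN hostname verification is disabled: the server certificate name is not checked"
                findings=$((findings + 1)) ;;
            -Dweblogic.security.TrustKeyStore=*)
                truststore=${arg#*=} ;;
        esac
    done
    case "$truststore" in
        "")        echo "INFO no TrustKeyStore argument found" ;;
        DemoTrust) echo "WARN TrustKeyStore=DemoTrust: built-in demonstration certificate"
                   findings=$((findings + 1)) ;;
        *)         echo "OK TrustKeyStore=$truststore" ;;
    esac
    [ "$findings" -eq 0 ]
}

# audit_wlst_text: reads wlst.sh content or a CONFIG_JVM_ARGS value on stdin,
# extracts the -Dweblogic.security.* options and audits them.
audit_wlst_text() {
    # Unquoted on purpose: one extracted option per argument.
    audit_wlst_ssl_args $(grep -o -e '-Dweblogic\.security\.[A-Za-z.]*=[^" ]*')
}

# Constructed sample: the line the note describes, as it might appear in wlst.sh.
sample='JVM_ARGS="${JVM_ARGS} -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust"'
printf '%s\n' "$sample" | audit_wlst_text || echo "review these settings"
```

To audit an actual script, redirect the file to the standard input of audit_wlst_text.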